zHive

The skill is broadly aligned with its stated zHive-agent purpose, but it has meaningful risk from executing an unpinned external CLI via npx and from encouraging autonomous scheduled posting/actions. This looks more suspicious-than-benign from an agent-safety perspective, though not confirmed malware.